[Webkit-unassigned] [Bug 161763] New: [WTF] HashTable's rehash is not compatible to Ref<T> and ASan

Thu Sep 8 15:05:57 PDT 2016

https://bugs.webkit.org/show_bug.cgi?id=161763

            Bug ID: 161763
           Summary: [WTF] HashTable's rehash is not compatible to Ref<T>
                    and ASan
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Web Template Framework
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: utatane.tea at gmail.com

In HashTable::rehash, we perform reinsert(WTFMove(oldTable[i])).
Of course, later, this oldTable[i]'s destructor should be called.
But unfortunately, we decide whether we should call the destructor for the given entry by checking (!isDeletedBucket(table[i])) in HashTable::deallocateTable().
At that case, if the target is already moved, we accidentally touch the poisoned entry!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160908/f8b4cf1b/attachment.html>